- Fix multiple checksum handling vulnerabilities

(MITKRB5-SA-2010-007, bnc#650650)
  CVE-2010-1324
  * krb5 GSS-API applications may accept unkeyed checksums
  * krb5 application services may accept unkeyed PAC checksums
  * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
  CVE-2010-1323
  * krb5 clients may accept unkeyed SAM-2 challenge checksums
  * krb5 may accept KRB-SAFE checksums with low-entropy derived keys
  CVE-2010-4020
  * krb5 may accept authdata checksums with low-entropy derived keys
  CVE-2010-4021
  * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery

OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=37
2010-12-01 10:45:18 +00:00
committed by Git OBS Bridge
parent 2689697c16
commit 248552dcc5
5 changed files with 243 additions and 1 deletions

@@ -56,6 +56,7 @@ Patch6: krb5-1.6.3-kpasswd_tcp.patch
Patch7: krb5-1.6.3-ktutil-manpage.dif
Patch8: krb5-1.6.3-fix-ipv6-query.dif
Patch12: krb5-1.8-MITKRB5-SA-2010-006.dif
Patch13: MITKRB5-SA-2010-007-1.8.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq
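
Review bot: The new Patch13 entry, MITKRB5-SA-2010-007-1.8.dif, breaks the naming pattern of the entries around it, which all lead with the package name and the version (krb5-1.6.3-kpasswd_tcp.patch, krb5-1.8-MITKRB5-SA-2010-006.dif). Renaming it to krb5-1.8-MITKRB5-SA-2010-007.dif would keep the source list sortable and make it obvious which package the file belongs to. A one-line spec comment above Patch13 naming the four CVEs from the commit message (CVE-2010-1324, CVE-2010-1323, CVE-2010-4020, CVE-2010-4021) would also let someone auditing the spec confirm the fix is present without opening the changelog.
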
@@ -204,6 +205,7 @@ Authors:
%patch7 -p1
%patch8 -p1
%patch12 -p1
%patch13 -p1
# Rename the man pages so that they'll get generated correctly.
pushd src
cat %{SOURCE10} | while read manpage ; do
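
Review bot: %patch13 -p1 runs from the top-level source directory, before the pushd src that follows, so the paths inside MITKRB5-SA-2010-007-1.8.dif must carry a src/ component after the stripped prefix, as they evidently do for patch12. Please confirm the new patch was generated at that level and applies without fuzz or offsets, since a security fix that applies with fuzz to checksum-handling code is easy to miss in the build log.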